Content, Content, Security Program Controls/Technologies, Distributed Workforce

Avoid Third Party Mobile Android App Stores, RiskIQ Warns

Be aware of the apps you load onto your mobile device, warns mobile malware watchdog RiskIQ in its Q4 2017 Mobile Threat Landscape Report. While the admonition isn’t new, it’s well worth repeating consider the number and types of dangerous apps lurking in the wild.

The San Francisco-based cloud security intelligence provider, which monitors some 120 mobile app stores worldwide and scan nearly two billion resources daily, said the number of blacklisted apps shrunk by 37 percent in Q4 compared to the prior period but still featured threats such as brand imitation, phishing, and malware. New bugs, such as a bankbot network preying on cryptocurrency customers, also appeared on the scene.

Here are some pertinent stats from the report:

  • The number of blacklisted apps fell by 37 percent sequentially, which RiskIQ tied to a huge increase in Q3 of malicious apps at the AndroidAPKDescargar store. Of the roughly 21,000 blacklisted apps seen in Q4 only 7,419 were new, an indication of how one store can impact the entire landscape, RiskIQ said.
  • July was the busiest blacklist month in 2017 at nearly 30,000 bad apps seen, mapping to the arrival of the AndroidAPKDescargar store.
  • The Google Play store led the way in Q4 with 9,375 matching against at least one blacklist such as VirusTotal. Overall, while only six percent of the total apps in Google Play are blacklisted, the figure went up two percent from the previous quarter.
  • Included in RiskIQ’s blacklisted apps are the 14,758 flagged for adware, nearly 80 percent of which were also identified for malicious behaviors such as acting as a trojan or spyware. Even though adware may seem relatively harmless, it is frequently delivered with other malicious behaviors, the report said.
  • Chief among mobile malware developers is KitApps with 26 blacklisted apps observed in Q4, 56 in Q3, and 24 in Q2, for a total of 147 blacklisted apps in 2017. All but six of the blacklisted apps from KitApps were found in the AndroidAPKDescargar store. KitApps has 5,797 total observed apps this year, so the overall percentage of blacklisted versions is very small, but 96 percent of the blacklisted versions are in one store.

RiskIQ also offered mobile device users some friendly advice:

  • Only download from official stores, like the Google Play store. It is far safer to download from there than third-party stores which may be used for malicious campaigns.
  • Logos for malicious apps will often closely resemble that of the app they are imitating but not exactly, down to a slight misspelling or a punctuation mistake. Beware of seemingly simple apps such as a flashlight that could try to steal your information without you knowing.
  • Regardless of what store an app comes from, check the permissions the app is asking for. If the permissions are unnecessary for the app’s purpose or there’s too many of them, better to be safe than sorry.
D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.